Vulnerabilities in Apache Software Foundation
1,872 results

CVE | Severity | EPSS | Summary
CVE-2021-25329 | — | 9.5% | Incomplete fix for CVE-2020-9484
CVE-2025-64408 | MEDIUM | 9.4% | Apache Causeway: Java deserialization vulnerability to authenticated attackers
CVE-2017-7672 | — | 9.4% | If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will
CVE-2018-1327 | — | 9.2% | The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request wit
CVE-2016-6812 | — | 9.2% | The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page whi
CVE-2018-8026 | — | 9.0% | This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (
CVE-2017-15691 | — | 9.0% | In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0,
CVE-2024-56337 | CRITICAL | 8.9% | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete
CVE-2022-24070 | — | 8.8% | Apache Subversion mod_dav_svn is vulnerable to memory corruption
CVE-2017-12627 | — | 8.8% | In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain
CVE-2018-8012 | — | 8.7% | No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha throu
CVE-2018-17190 | — | 8.7% | In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'wo
CVE-2021-26291 | — | 8.7% | block repositories using http by default
CVE-2025-27533 | MEDIUM | 8.6% | Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation
CVE-2018-8040 | — | 8.6% | Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This af
CVE-2017-12621 | — | 8.5% | During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity
CVE-2019-0197 | — | 8.4% | A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 o
CVE-2016-6795 | — | 8.4% | In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be
CVE-2026-27446 | CRITICAL | 8.3% | Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation
CVE-2016-6796 | — | 8.3% | A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to